Cryptography for Absolute Beginners (May 2019)
•Télécharger en tant que PPTX, PDF•
1 j'aime•1,904 vues
Cryptography for Absolute Beginners Svetlin Nakov @ Sofia Science Festival, May 2019 Video (Bulgarian language): https://youtu.be/-QzFcUkM7_4 Blog: https://nakov.com/blog/2019/05/13/cryptography-for-absolute-beginners-nakov-at-sofia-science-festival-may-2019/
Recommandé
Contenu connexe
Tendances
Tendances (20)
Similaire à Cryptography for Absolute Beginners (May 2019)
Similaire à Cryptography for Absolute Beginners (May 2019) (20)
Plus de Svetlin Nakov
Plus de Svetlin Nakov (20)
Dernier
Dernier (20)
Cryptography for Absolute Beginners (May 2019)
- 1. Hashes, MAC, Key Derivation, Encrypting Passwords, Symmetric Ciphers & AES, Digital Signatures & ECDSA Cryptography for Absolute Beginners Dr. Svetlin Nakov Co-Founder, Chief Training & Innovation @ Software University (SoftUni) https://nakov.com Software University (SoftUni) – http://softuni.org
- 2. Table of Contents 1. About the Speaker 2. What is Cryptography? 3. Hashes, MAC Codes and Key Derivation (KDF) 4. Encrypting Passwords: from Plaintext to Argon2 5. Symmetric Encryption and AES 6. Digital Signatures, Elliptic Curves and ECDSA 2
- 3. Software engineer, trainer, entrepreneur, PhD, author of 15+ books, blockchain expert 3 successful tech educational initiatives (150,000+ students) About Dr. Svetlin Nakov 3
- 4. Book "Practical Cryptography for Developers" 4 GitHub: github.com/nakov/pra ctical-cryptography- for-developers-book Book site: https://cryptobook. nakov.com
- 6. Cryptography provides security and protection of information Storing and transmitting data in a secure way Hashing data (message digest) and MAC codes Encrypting and decrypting data Symmetric and asymmetric schemes Key derivation functions (KDF) Key agreement schemes, digital certificates Digital signatures (sign / verify) What is Cryptography? 6
- 8. What is Cryptographic Hash Function? 8 One-way transformation, infeasible to invert Extremely little chance to find a collision Some text Some text Some text Some text Some text Some text Some text 20c9ad97c081d63397d 7b685a412227a40e23c 8bdc6688c6f37e97cfb c22d2b4d1db1510d8f6 1e6a8866ad7f0e17c02 b14182d37ea7c3c8b9c 2683aeb6b733a1 Text Hash (digest) Cryptographic hash function
- 9. SHA-2 (SHA-256, SHA-384, SHA-512) Secure crypto hash function, the most widely used today (RFC 4634) Used in Bitcoin, IPFS, many others SHA-3 (SHA3-256, SHA3-384, SHA3-512) / Keccak-256 Strong cryptographic hash function, more secure than SHA-2 Used in Ethereum blockchain and many modern apps Modern Hashes: SHA-2, SHA3 9 SHA-256('hello') = 2cf24dba5fb0a30e26e83b2ac5b9e29e1b161e5c1fa7 425e73043362938b9824 SHA3-256('hello') = 3338be694f50c5f338814986cdf0686453a888b84f4 24d792af4b9202398f392
- 10. BLAKE2 (BLAKE2s – 256-bit, BLAKE2b – 512-bit) Secure crypto hash function, very fast RIPEMD-160 (160-bit crypto hash) Considered weak, just 160-bits, still unbroken Broken hash algorithms: MD5, SHA-1, MD4, SHA-0, MD2 Git and GitHub still use SHA-1 and suffer of collision attacks Modern Hashes: BLAKE2, RIPEMD-160 10 BLAKE2s('hello') = 19213bacc58dee6dbde3ceb9a47cbb330b3d86f8cca8 997eb00be456f140ca25 RIPEMD-160('hello') = 108f07b8382412612c048d07d13f814118445acd
- 11. Hashes – Demo Play with Hash Functions Online http://hash-functions.online-domain-tools.com https://www.fileformat.info/tool/hash.htm
- 12. HMAC and Key Derivation (KDF) MAC, HMAC, Scrypt, Argon2
- 13. HMAC = Hash-based Message Authentication Code (RFC 2104) HMAC(key, msg, hash_func) hash Message hash mixed with a secret shared key Used for message integrity / authentication / key derivation MAC Codes and HMAC 13 HMAC('key', 'hello', SHA-256) = 9307b3b915efb5171ff14d8cb55fbc c798c6c0ef1456d66ded1a6aa723a58b7b HMAC('key', 'hello', RIPEMD-160) = 43ab51f803a68a8b894cb32ee19e6854e9f4e468
- 14. HMAC – Demo Calculate HMAC- SHA256 Online https://www.freeformatter.com/hmac-generator.html
- 15. Encryption and digital signatures use keys (e.g. 256-bits) Users prefer passwords easier to remember KDF functions transform passwords to keys Key derivation function (KDF) == function(password) key Don't use SHA256(msg + key) its is insecure Use PBKDF2, Scrypt, Bcrypt, Argon2 Bcrypt, Scrypt and Argon2 are modern key-derivation functions Use a lot of iterations + a lot of memory slow calculations HMAC and Key Derivation 15
- 16. Scrypt (RFC 7914) is a strong cryptographic key-derivation function Memory intensive, designed to prevent ASIC and FPGA attacks key = Scrypt(password, salt, N, r, p, derived-key-len) N – iterations count (affects memory and CPU usage), e.g. 16384 r – block size (affects memory and CPU usage), e.g. 8 p – parallelism factor (threads to run in parallel), usually 1 Memory used = 128 * N * r * p bytes, e.g. 128 * 16384 * 8 = 16 MB Parameters for interactive login: N=16384, r=8, p=1 (RAM=16MB) Parameters for file encryption: N=1048576, r=8, p=1 (RAM=1GB) Key Derivation Functions: Scrypt 16
- 18. Clear-text passwords, e.g. store the password directly in the DB Never do anti-pattern! Simple password hash, e.g. store SHA256(password) in the DB Highly insecure, still better than clear-text, dictionary attacks Salted hashed passwords, e.g. store HMAC(pass, random_salt) Almost secure, GPU / ASIC-crackable ASIC-resistant KDF password hash, e.g. Argon2(password) Recommended, secure (when the KDF settings are secure) Password Encryption (Register / Login) 18
- 19. Argon2 is the recommended password-hashing for apps Encrypting Passwords: Argon2 19 hash = argon2.hash(8, 1 << 16, 4, "password"); print("Argon2 hash (random salt): " + hash); print("Argon2 verify (correct password): " + argon2.verify(hash, "password")); print ("Argon2 verify (wrong password): " + argon2.verify(hash, "wrong123")); Argon2 hash (random salt): $argon2id$v=19$m=65536,t=8,p=4$FW2kqbP+nidwHnT3Oc vSEg$oYlK3rXJvk0Be+od3To131Cnr8JksL39gjnbMlUCCTk Argon2 verify (correct password): true Argon2 verify (wrong password): false Register Login Invalid Login
- 20. Argon2 Calculate Hash / Verify Password – Online Demo https://argon2-generator.com
- 21. Symmetric Encryption AES, Block Modes, Authenticated Encryption encrypt (secret key) I am a non- encrypted message … decrypt (secret key) I am a non- encrypted message …
- 22. Symmetric key ciphers Use the same key (or password) to encrypt and decrypt data Popular symmetric algorithms AES, ChaCha20, Twofish, Serpent, RC5, RC6 Broken algorithms (don't use them!) DES, 3DES, RC2, RC4 Symmetric Key Ciphers 22
- 23. Block ciphers Split data on blocks (e.g. 128 bits), then encrypt each block separately, change the internal state, encrypt the next block, … Stream ciphers Work on sequences of data (encrypt / decrypt byte by byte) Block ciphers can be transformed to stream ciphers Using block mode of operation (e.g. CBC, CTR, GCM, CFB, …) https://en.wikipedia.org/wiki/Block_cipher_mode_of_operation Symmetric Key Ciphers 23
- 24. AES – Advanced Encryption Standard (Rijndael) Symmetric key block cipher (128-bit blocks) Key lengths: 128, 160, 192, 224 and 256 bits No significant practical attacks are known for AES Modern CPU hardware implements AES instructions This speeds-up AES and secure Internet communication AES is used by most Internet Web sites for the https:// content The "AES" Cipher 24
- 25. AES is a "block cipher" – encrypts block by block (e.g. 128 bits) Supports several modes of operation (CBC, CTR, GCM, …) Some modes of operation (like CBC / CTR) require initial vector (IV) Non-secret random salt used to get different result each time Recommended modes: CTR (Counter) or GCM (Galois/Counter) CBC may use a padding algorithm (typically PKCS7) to help splitting the input data into blocks of fixed block-size (e.g. 128 bits) May use password to key derivation function, e.g. Argon2(passwd) May use MAC to check the password validity, e.g. HMAC(text, key) AES Cipher Settings 25
- 26. The AES Encryption Process 26 input msg random IV+ AES key+ ciphertext input msg MAC key+ MAC code input msg key+ AES ciphertext MAC+IV+ KDF password key kdf-salt+
- 27. The AES Decryption Process 27 original msg MAC key+ MAC code AES ciphertext IV+ KDF password key original msg decrypt Decryption MAC code compare Encryption MAC code key+ kdf-salt+
- 28. AES-256-CTR-Argon2-HMAC – Encrypt 28 some text {cipher=AES-256-CTR-Argon2-HMACSHA256, cipherText=a847f3b2bc59278107, cipherIV=dd088070cf4f2f6c6560b8fa7fb43f49, kdf=argon2, kdfSalt=90c6fcc318fd273f4f661c019b39b8ed, mac=6c143d139d0d7b29aaa4e0dc5916908d3c27576f4856e3ef487be6eafb23b39a} Text: pass@123Password: AES-256-CTR-Argon2-HMACSHA256Cipher: Encrypted message:
- 30. Asymmetric Encryption Public Key Cryptography and ECIES
- 31. Uses a pair of keys: public key + private key Encrypt / verify by public key Decrypt / sign by private key Public Key Cryptography 31
- 32. Asymmetric encryption is slow and inefficient for large data Hybrid encryption schemes (like ECIES and RSA-OAEP) are used Hybrid encryption schemes Asymmetric algorithm encrypts a random symmetric key Encrypted by the user's public key Decrypted by the user's private key Symmetric algorithm (like AES) encrypts the secret message Message authentication algorithm ensures message integrity Asymmetric Encryption Schemes 32
- 36. Digital Signatures ECDSA, Sign / Verify
- 37. Digital signatures provide message signing / verification Authentication (proof that known sender have signed the message) Integrity (the message cannot be altered after signing) Non-repudiation (signer cannot deny message signing) Digital signatures are based on public key cryptography Messages are signed by someone's private key Signatures are verified by the corresponding public key May use RSA, DSA, elliptic curves (ECC) like ECDSA / EdDSA Digital Signatures – Concepts 37
- 38. Well-known public-key crypto-systems RSA – based on discrete logarithms ECC – based on elliptic curves ECC cryptography is considered more secure 3072-bit RSA key ≈≈ 256-bit ECC key ~ 128-bit security level Most blockchains (like Bitcoin, Ethereum and EOS) use ECC But be warned: ECC is not quantum-safe! Public Key Crypto Systems 38
- 40. https://nakov.com Cryptography for Absolute Beginners